Issue with configuring a VRF via NETCONF on Cisco IOS XE 17.1.1

Maxime G27
Level 1

Hello DevNet Community,

I’m experiencing a problem when trying to configure a VRF via NETCONF on a Cisco IOS XE router running version 17.1.1 (Amsterdam). The NETCONF server returns an unknown-element error for <native> and immediately closes the session. Below is a detailed overview of my setup, the script I’m using, and the logs from the router.

Router: Cisco IOS XE (virtualized environment)
IOS XE version: 17.01.01 (Amsterdam 17.1.1, RELEASE SOFTWARE)
NETCONF client: python3 with ncclient library
NETCONF port: 22 (I also tested 830)
User: admin (privilege level 15)

ip ssh version 2
netconf-yang is enabled without any apparent issues
The router shows a successful login message when my script connects via SSH (NETCONF)

Here is a shortened version of my Python script:

#!/usr/bin/env python3

from ncclient import manager

def main():
    ip_device = "192.168.255.1"
    username = "admin"
    password = "admin"

    config_vrf = """
    <config>
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </config>
    """

    try:
        with manager.connect(
            host=ip_device,
            port=22,  # I also tried 830
            username=username,
            password=password,
            hostkey_verify=False,
            device_params={'name': 'iosxe'}
        ) as m:
            resp = m.edit_config(target='running', config=config_vrf)
            print("Configuration successful!")
            print(resp)
    except Exception as e:
        print("NETCONF Configuration Error:", e)

if __name__ == "__main__":
    main()

When I connect and print out the server capabilities, I get:

urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:writeable-running:1.0
urn:ietf:params:netconf:capability:startup:1.0
urn:ietf:params:netconf:capability:url:1.0
urn:cisco:params:netconf:capability:pi-data-model:1.0
urn:cisco:params:netconf:capability:notification:1.0

Below are the router logs (with debug NETCONF) captured during the script execution. They show a successful SSH login, the <rpc> request, and an unknown-element error on <native>:

002441: *Jan 27 2025 14:36:32.409 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.168.11.1] [localport: 22] at 14:36:32 UTC Mon Jan 27 2025
002442: *Jan 27 2025 14:36:32.413 UTC: GSI: netconf app _s_ssh.[0x7FBE959A1A40]: new ssh connection from 192.168.11.1
002443: *Jan 27 2025 14:36:32.414 UTC: NETCONF: ns_clone.sess=0x7FBE95443320
002444: *Jan 27 2025 14:36:32.414 UTC: NETCONF: naap_accept.clone=0x7FBE95443320
002445: *Jan 27 2025 14:36:32.414 UTC: NETCONF: _nssd.33.snd.now<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:writeable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:startup:1.0</capability><capability>urn:ietf:params:netconf:capability:url:1.0</capability><capability>urn:cisco:params:netconf:capability:pi-data-model:1.0</capability><capability>urn:cisco:params:netconf:capability:notification:1.0</capability></capabilities><session-id>2504274720</session-id></hello>
002446: *Jan 27 2025 14:36:32.414 UTC: NETCONF: _nssd.33.snd.don=7FBE95443320 msg=7FBE95442020
002447: *Jan 27 2025 14:36:32.414 UTC: NETCONF: ne_send.sess=0x7FBE95443320
002448: *Jan 27 2025 14:36:32.416 UTC: GSI: netconf app _s_ssh.[0x7FBE333917B8]: <?xml version="1.0" encoding="UTF-8"?><nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:capabilities><nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.1</nc:capability><nc:capability>urn:ietf:params:netconf:capability:writable-running:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:startup:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file,https,sftp</nc:capability><nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:xpath:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:notification:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:interleave:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:with-defaults:1.0</nc:capability></nc:capabilities></nc:hello>
002449: *Jan 27 2025 14:36:32.416 UTC: NETCONF: _namn.33.mlc.don=7FBE954242A8
002450: *Jan 27 2025 14:36:32.416 UTC: NETCONF: _narc.33.rcv.ok=7FBE95443320
002451: *Jan 27 2025 14:36:32.416 UTC: NETCONF: netconf_xml_interpret.33.msg_len=1189 bytes
002452: *Jan 27 2025 14:36:32.417 UTC: NETCONF: netconf_xml_interpret.33.ok
002453: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nem.33.msg_type=1
002454: *Jan 27 2025 14:36:32.417 UTC: NETCONF: netconf hello#17.count=0
002455: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nem.33.nre_type=3
002456: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nmfr.33.now=7FBE33338E68
002457: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nefhm.now=7FBE33338E68
002458: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nefrp.now=7FBE33338E68
002459: *Jan 27 2025 14:36:32.417 UTC: NETCONF: _nefrcrp.now=7FBE33338E68
002460: *Jan 27 2025 14:36:32.517 UTC: GSI: netconf app _s_ssh.[0x7FBE333917B8]: <?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:3d264d58-3693-4ab0-a651-42f25b571233"><nc:edit-config><nc:target><nc:running/></nc:target><nc:config>
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </nc:config></nc:edit-config></nc:rpc>
002461: *Jan 27 2025 14:36:32.517 UTC: NETCONF: _namn.34.mlc.don=7FBE95424528
002462: *Jan 27 2025 14:36:32.517 UTC: NETCONF: _narc.34.rcv.ok=7FBE95443320
002463: *Jan 27 2025 14:36:32.518 UTC: NETCONF: netconf_xml_interpret.34.msg_len=684 bytes
002464: *Jan 27 2025 14:36:32.518 UTC: NETCONF: netconf_xml_interpret.34.failure<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"message-id="urn:uuid:3d264d58-3693-4ab0-a651-42f25b571233"><nc:edit-config><nc:target><nc:running/></nc:target><nc:config>
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </nc:config></nc:edit-config></nc:rpc>
002465: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nssd.34.snd.now<?xml version="1.0" encoding="UTF-8"?><rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>rpc</error-type><error-tag>unknown-element</error-tag><error-severity>error</error-severity><error-info><bad-element>native</bad-element></error-info></rpc-error></rpc-reply>
002466: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nssd.34.snd.don=7FBE95443320 msg=7FBE95441F20
002467: *Jan 27 2025 14:36:32.518 UTC: NETCONF: ne_send.sess=0x7FBE95443320
002468: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nem.34.nre_type=2
002469: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nmfr.34.now=7FBE33338E68
002470: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nefrp.now=7FBE33338E68
002471: *Jan 27 2025 14:36:32.518 UTC: NETCONF: _nefrcrp.now=7FBE33338E68
002472: *Jan 27 2025 14:36:33.530 UTC: NETCONF: ns_destroy.sess=0x7FBE95443320

Router logs show:

<rpc-error>
  <error-type>rpc</error-type>
  <error-tag>unknown-element</error-tag>
  <error-severity>error</error-severity>
  <error-info>
    <bad-element>native</bad-element>
  </error-info>
</rpc-error>

Python script side:

NETCONF Configuration Error: Not connected to NETCONF server

(Because the session is closed by the router.)

How can I resolve my issue where the <native> element from the Cisco-IOS-XE-native YANG model isn’t being recognized on IOS XE 17.1.1, including whether there’s a known version limitation, a need to install or enable something extra, use a different namespace for VRF, or perform additional debug steps to ensure the data model is properly loaded?

I’d greatly appreciate any guidance or ideas on how to fix this. Thank you in advance!

Best regards,
Maxime.
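
An added example, not part of the original post: a preflight check that compares the namespaces of the top-level data nodes in an edit-config payload with the capability URIs in the server <hello>. YANG modules are advertised in the hello as `namespace?module=...` (RFC 6020), and the hello quoted in the logs above lists none for Cisco-IOS-XE-native. The function names, the shortened payload and the second capability list are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NC_BASE = "urn:ietf:params:xml:ns:netconf:base:1.0"

# Capability URIs copied from the server <hello> in the router log on this page.
PAGE_CAPS = [
    "urn:ietf:params:netconf:base:1.0",
    "urn:ietf:params:netconf:capability:writeable-running:1.0",
    "urn:ietf:params:netconf:capability:startup:1.0",
    "urn:ietf:params:netconf:capability:url:1.0",
    "urn:cisco:params:netconf:capability:pi-data-model:1.0",
    "urn:cisco:params:netconf:capability:notification:1.0",
]
# Constructed for contrast: a module capability in RFC 6020 form.
# The revision date is a placeholder, not taken from a real device.
CONSTRUCTED_CAPS = PAGE_CAPS[:1] + [
    "http://cisco.com/ns/yang/Cisco-IOS-XE-native"
    "?module=Cisco-IOS-XE-native&revision=2000-01-01",
]

def build_hello(caps):
    """Wrap capability URIs in a <hello>, as a server would send it."""
    body = "".join("<capability>%s</capability>" % escape(c) for c in caps)
    return '<hello xmlns="%s"><capabilities>%s</capabilities></hello>' % (NC_BASE, body)

# Shortened form of the payload from the post (same top-level namespace).
PAYLOAD = """
<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
    <vrf><definition><name>VRF-TEST</name><rd>65000:1</rd></definition></vrf>
  </native>
</config>
"""

def advertised_namespaces(hello_xml):
    """Capability URIs from a <hello>, with any ?module=... query removed."""
    root = ET.fromstring(hello_xml)
    caps = root.iter("{%s}capability" % NC_BASE)
    return {(c.text or "").strip().split("?", 1)[0] for c in caps}

def payload_namespaces(config_xml):
    """Namespaces of the top-level data nodes under <config>, in order."""
    found = []
    for child in ET.fromstring(config_xml):
        ns = child.tag[1:].split("}", 1)[0] if child.tag.startswith("{") else ""
        if ns not in found:
            found.append(ns)
    return found

def unadvertised(hello_xml, config_xml):
    """Payload namespaces that the server's hello does not advertise."""
    offered = advertised_namespaces(hello_xml)
    return [ns for ns in payload_namespaces(config_xml) if ns not in offered]

if __name__ == "__main__":
    for label, caps in (("page", PAGE_CAPS), ("constructed", CONSTRUCTED_CAPS)):
        missing = unadvertised(build_hello(caps), PAYLOAD)
        print(label, "->", missing or "all payload namespaces advertised")
```

Against a live session, the same comparison can be run over the URIs in ncclient's `m.server_capabilities` before calling `edit_config`.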

 

Marcel Zehnder
Spotlight

Hi

Add the netconf namespace to the config element. Changing your payload to the following should work:

    config_vrf = """
    <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </config>
    """

HTH 
Marcel

Maxime G27
Level 1

Hi, thanks so much for the suggestion! I updated my script to add the NETCONF namespace on the <config> element exactly as you recommended:

<config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
    ...
  </native>
</config>

But I still run into errors on the router side. Below are the corresponding router logs.

The router logs show a successful login, then an unknown-element error on <native>:

003051: *Jan 28 2025 16:35:38.578 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.168.11.239] [localport: 22] at 16:35:38 UTC Tue Jan 28 2025
003052: *Jan 28 2025 16:35:38.583 UTC: GSI: netconf app _s_ssh.[0x7FBE959A1A40]: new ssh connection from 192.168.11.239
003053: *Jan 28 2025 16:35:38.583 UTC: NETCONF: ns_clone.sess=0x7FBE95441B20
003054: *Jan 28 2025 16:35:38.583 UTC: NETCONF: naap_accept.clone=0x7FBE95441B20
003055: *Jan 28 2025 16:35:38.584 UTC: NETCONF: _nssd.53.snd.now<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:writeable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:startup:1.0</capability><capability>urn:ietf:params:netconf:capability:url:1.0</capability><capability>urn:cisco:params:netconf:capability:pi-data-model:1.0</capability><capability>urn:cisco:params:netconf:capability:notification:1.0</capability></capabilities><session-id>2504268576</session-id></hello>
003056: *Jan 28 2025 16:35:38.584 UTC: NETCONF: _nssd.53.snd.don=7FBE95441B20 msg=7FBE95441EA0
003057: *Jan 28 2025 16:35:38.584 UTC: NETCONF: ne_send.sess=0x7FBE95441B20
003058: *Jan 28 2025 16:35:38.586 UTC: GSI: netconf app _s_ssh.[0x7FBE95F58028]: <?xml version="1.0" encoding="UTF-8"?><nc:hello xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"><nc:capabilities><nc:capability>urn:ietf:params:netconf:base:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:base:1.1</nc:capability><nc:capability>urn:ietf:params:netconf:capability:writable-running:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:candidate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:confirmed-commit:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:startup:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:url:1.0?scheme=http,ftp,file,https,sftp</nc:capability><nc:capability>urn:ietf:params:netconf:capability:validate:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:xpath:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:notification:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:interleave:1.0</nc:capability><nc:capability>urn:ietf:params:netconf:capability:with-defaults:1.0</nc:capability></nc:capabilities></nc:hello>
003059: *Jan 28 2025 16:35:38.586 UTC: NETCONF: _namn.53.mlc.don=7FBE95423D08
003060: *Jan 28 2025 16:35:38.586 UTC: NETCONF: _narc.53.rcv.ok=7FBE95441B20
003061: *Jan 28 2025 16:35:38.586 UTC: NETCONF: netconf_xml_interpret.53.msg_len=1189 bytes
003062: *Jan 28 2025 16:35:38.586 UTC: NETCONF: netconf_xml_interpret.53.ok
003063: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nem.53.msg_type=1
003064: *Jan 28 2025 16:35:38.587 UTC: NETCONF: netconf hello#27.count=0
003065: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nem.53.nre_type=3
003066: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nmfr.53.now=7FBE33338E68
003067: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nefhm.now=7FBE33338E68
003068: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nefrp.now=7FBE33338E68
003069: *Jan 28 2025 16:35:38.587 UTC: NETCONF: _nefrcrp.now=7FBE33338E68
003070: *Jan 28 2025 16:35:38.688 UTC: GSI: netconf app _s_ssh.[0x7FBE95F58028]: <?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:5a7337c4-a392-4623-8c88-b134bb985957"><nc:edit-config><nc:target><nc:running/></nc:target><nc:config>
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </nc:config></nc:edit-config></nc:rpc>
003071: *Jan 28 2025 16:35:38.689 UTC: NETCONF: _namn.54.mlc.don=7FBE95427598
003072: *Jan 28 2025 16:35:38.689 UTC: NETCONF: _narc.54.rcv.ok=7FBE95441B20
003073: *Jan 28 2025 16:35:38.689 UTC: NETCONF: netconf_xml_interpret.54.msg_len=684 bytes
003074: *Jan 28 2025 16:35:38.689 UTC: NETCONF: netconf_xml_interpret.54.failure<?xml version="1.0" encoding="UTF-8"?><nc:rpc xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"message-id="urn:uuid:5a7337c4-a392-4623-8c88-b134bb985957"><nc:edit-config><nc:target><nc:running/></nc:target><nc:config>
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native"">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
                <unicast/>
              </ipv4>
              <ipv6>
                <unicast/>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </nc:config></nc:edit-config></nc:rpc>
003075: *Jan 28 2025 16:35:38.689 UTC: NETCONF: _nssd.54.snd.now<?xml version="1.0" encoding="UTF-8"?><rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><rpc-error><error-type>rpc</error-type><error-tag>unknown-element</error-tag><error-severity>error</error-severity><error-info><bad-element>native</bad-element></error-info></rpc-error></rpc-reply>
003076: *Jan 28 2025 16:35:38.690 UTC: NETCONF: _nssd.54.snd.don=7FBE95441B20 msg=7FBE95441A20
003077: *Jan 28 2025 16:35:38.690 UTC: NETCONF: ne_send.sess=0x7FBE95441B20
003078: *Jan 28 2025 16:35:38.690 UTC: NETCONF: _nem.54.nre_type=2
003079: *Jan 28 2025 16:35:38.690 UTC: NETCONF: _nmfr.54.now=7FBE33338E68
003080: *Jan 28 2025 16:35:38.690 UTC: NETCONF: _nefrp.now=7FBE33338E68
003081: *Jan 28 2025 16:35:38.690 UTC: NETCONF: _nefrcrp.now=7FBE33338E68
003082: *Jan 28 2025 16:35:38.702 UTC: NETCONF: nsc_fn.fn=0x556AE6F339A0, sess=0x7FBE95441B20
003083: *Jan 28 2025 16:35:38.702 UTC: NETCONF: nsc_function.sess=0x7FBE95441B20, nmi=22
003084: *Jan 28 2025 16:35:38.702 UTC: GSI: netconf app _s_ssh.[0x7FBE95F58028]: waiting for processes to exit
003085: *Jan 28 2025 16:35:38.702 UTC: NETCONF: nm_proc.fn.pointer=0x556AE6F339A0, value=22
003086: *Jan 28 2025 16:35:38.702 UTC: NETCONF: nim_execute.fn=0x556AE6F339A0, sess=0x7FBE95441B20
003087: *Jan 28 2025 16:35:38.702 UTC: NETCONF: ns_stop.gsi_destroy.delayed
003088: *Jan 28 2025 16:35:39.702 UTC: NETCONF: ns_destroy.sess=0x7FBE95441B20

I’ve also tried switching ports (port=22 vs. port=830), and tested both YANG model approaches with or without the <config> namespace set to urn:ietf:params:xml:ns:netconf:base:1.0. The error consistently comes back as unknown-element <native>.

It’s puzzling that <native> is not recognized, even when namespaced properly. Thank you again for the recommendation—unfortunately, the problem persists. If you have any more ideas or if you see something else I might be missing, please let me know!

I see you use a virtual device. What kind of virtualized device are you using exactly and in which environment are you running it (cml, gns something else)?

I'm using a CSR virtual device with the IOS XE Version 17.01.01 (Amsterdam 17.1.1) running on an ESXi hypervisor.

Ok, strange.

Well I noticed another issue: There is no <unicast> element under the address families in the VRF definition, try to delete those two elements.

The following runs in my lab without issues:

from ncclient import manager

def main():
    ip_device = "10.x.x.x"
    username = "x"
    password = "x"

    config_vrf = """
    <config xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
      <native xmlns="http://cisco.com/ns/yang/Cisco-IOS-XE-native">
        <vrf>
          <definition>
            <name>VRF-TEST</name>
            <rd>65000:1</rd>
            <address-family>
              <ipv4>
              </ipv4>
              <ipv6>
              </ipv6>
            </address-family>
          </definition>
        </vrf>
      </native>
    </config>
    """

    try:
        with manager.connect(
            host=ip_device,
            port=830,  
            username=username,
            password=password,
            hostkey_verify=False,
            device_params={'name': 'iosxe'}
        ) as m:
            resp = m.edit_config(target='running', config=config_vrf)
            print("Configuration successful!")
            print(resp)
    except Exception as e:
        print("NETCONF Configuration Error:", e)

if __name__ == "__main__":
    main()

Cheers
Marcel